public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "zhangboyang.id at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/24542] potential integer overflow should be warned on assignment to wider variable
Date: Fri, 31 Mar 2023 08:15:37 +0000 [thread overview]
Message-ID: <bug-24542-4-mS5rml8afJ@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-24542-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24542
--- Comment #12 from Zhang Boyang <zhangboyang.id at gmail dot com> ---
Hi,
Sorry for filled a duplicate bug. But I'd like to suggest reconsider this
feature request. Here are two reasons:
1) "u64 = 1 << u32", "u64 = u32 * u32" are common mistakes in beginners,
2) These expressions may introduce vulnerability especially on now-widely-used
64-bit machines:
On a typical 64-bit machine, it's ok to write:
unsigned x = ...;
malloc(sizeof(...) + x)
but it will introduce vulnerability with a trivial change of "*2", i.e.:
malloc(sizeof(...) + x * 2)
If expression is very long, it's very hard to find out where is the bug.
Instead of warn on multiplys, I suggest a new "-Wexpr-conversion", it will
detect and warn on implicit conversions if and only if: 1) convert to wider
variable, and 2) value is real expression (i.e. result of operands, like a*b;
but not variable or function call or explicit cast)
For example, it should warn on:
uint64_t u64 = ...;
uint32_t u32 = ...;
u64 = 1 << u32;
// ^^^^^^^^
// suggests "u64 = (uint64_t)1 << (uint64_t)u32"
// suppressed by "u64 = (uint32_t)(1 << u32)"
But not on:
u64 = u32;
u64 = (u32)(...);
u64 = f(...);
This might be a kind of noisy warning like "-Wconversion" but I believe it will
help some people (we can just disable it by default).
Zhang Boyang
next prev parent reply other threads:[~2023-03-31 8:15 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-24542-4@http.gcc.gnu.org/bugzilla/>
2023-03-31 7:16 ` pinskia at gcc dot gnu.org
2023-03-31 8:15 ` zhangboyang.id at gmail dot com [this message]
2023-03-31 9:18 ` [Bug c/24542] potential unwanted truncation of operation " rguenth at gcc dot gnu.org
2023-03-31 9:33 ` rsandifo at gcc dot gnu.org
2023-08-07 11:00 ` mail+gcc at nh2 dot me
2023-08-07 14:34 ` pinskia at gcc dot gnu.org
2005-10-26 14:54 [Bug c/24542] New: integer " alexey at hyperroll dot com
2005-10-26 15:59 ` [Bug c/24542] potential " pinskia at gcc dot gnu dot org
2005-10-26 16:00 ` pinskia at gcc dot gnu dot org
2005-10-26 17:12 ` alexey at hyperroll dot com
2005-11-01 22:29 ` pinskia at gcc dot gnu dot org
2006-03-13 21:49 ` alexey at hyperroll dot com
2006-03-13 21:52 ` pinskia at gcc dot gnu dot org
2006-09-18 0:18 ` pinskia at gcc dot gnu dot org
2006-09-18 5:48 ` alexey at hyperroll dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-24542-4-mS5rml8afJ@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).